Kent:
How about this:
self.cursor.execute("SELECT CUSTID FROM Stories WHERE NAME = '%s'" % (name, ))
Question, does execute know to substitute the question mark with name?
self.cursor.execute("SELECT CUSTID FROM Stories WHERE NAME= ?", (name, ))
TIA
Kent Johnson wrote:
On Fri, Sep 18, 2009 at 11:49 AM, Jeff Johnson <j...@dcsoftware.com> wrote:
Kristina:
I would format it as follows:
self.cursor.execute("SELECT CUSTID FROM Stories WHERE NAME = '%s'" % name)
No, that is a recipe for SQL injection attacks such as this:
http://xkcd.com/327/
self.cursor.execute("SELECT CUSTID FROM Stories WHERE NAME= ?", (name))
I think that should have a comma to create a tuple:
self.cursor.execute("SELECT CUSTID FROM Stories WHERE NAME= ?", (name,))
I don't know if that could cause your problem.
Kent
--
Jeff
Jeff Johnson
j...@dcsoftware.com
Phoenix Python User Group - sunpigg...@googlegroups.com
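
Added example, not part of the original thread: the three call forms discussed above, run side by side so the difference between string formatting, a bound `?` parameter, and the missing tuple comma is visible. It assumes the standard-library `sqlite3` driver (which uses the `?` style) and a constructed in-memory `Stories` table; the function names are hypothetical.

```python
import sqlite3

def make_db():
    # Assumption: in-memory SQLite with constructed rows; the thread never
    # shows the real Stories schema or which DB-API driver is in use.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Stories (CUSTID INTEGER, NAME TEXT)")
    conn.executemany("INSERT INTO Stories VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "O'Brien")])
    return conn

def lookup_formatted(conn, name):
    # '%s' % name: the value is pasted into the SQL text before execute()
    # sees it, so quotes inside name are parsed as SQL syntax.
    sql = "SELECT CUSTID FROM Stories WHERE NAME = '%s'" % name
    return [row[0] for row in conn.execute(sql)]

def lookup_bound(conn, name):
    # ? placeholder: execute() binds name as a value; it is never parsed.
    sql = "SELECT CUSTID FROM Stories WHERE NAME = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

def lookup_missing_comma(conn, name):
    # (name) is just name: a str is a sequence of characters, so the driver
    # counts len(name) parameters for a single placeholder.
    sql = "SELECT CUSTID FROM Stories WHERE NAME = ?"
    try:
        return [row[0] for row in conn.execute(sql, (name))]
    except sqlite3.ProgrammingError as exc:
        return "ProgrammingError: %s" % exc

if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print("formatted:", lookup_formatted(conn, crafted))   # matches every row
    print("bound:    ", lookup_bound(conn, crafted))       # matches nothing
    print("bound:    ", lookup_bound(conn, "O'Brien"))     # legitimate quote works
    print("no comma: ", lookup_missing_comma(conn, "bob"))
```

Other DB-API drivers may use a different placeholder style (for example `%s` passed as a separate argument), but the rule is the same: pass the value as a parameter to `execute()`, not through Python string formatting.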